Management frames can be manipulated to create various types of DoS attacks. Two common management frame attacks include:
/Spoofed disconnect attach: This occurs when an attacker sends a series of “disassociate” commands to all wireless clients within a BSS. These commands cause all clients to disconnect. When disconnected, the wireless clients immediately try to re-associate, which creates a burst of traffic. The attacker continues sending disassociate frames and the cycle repeats itself.
CTS flood: This occurs when an attacker takes advantage of the CSMA/CA contention method to monopolize the bandwidth and deny all other wireless clients access to the AP. To accomplish this, the attacker repeatedly floods the BSS with Clear to Send (CTS) frames to a bogus STA. All other wireless clients sharing the RF medium receive the CTS and withhold their transmissions until the attacker stops transmitting the CTS frames.
If you are notcing these alerts regularly, yo ucan consider enabling MFP (802.11w) on your controller / controller less deployment. Along with that, there will be predefine values (threshold) and config with respect to IDS.
